OMB_NIST_AI_RMF_MAPPING.md

OMB & NIST AI Risk Management Framework (AI RMF) Mapping

Project

Federal FOIA Intelligence Search

Applicable Frameworks

• NIST AI Risk Management Framework (AI RMF 1.0)
• OMB Guidance on Responsible AI Use (M-21-06, M-23-10)

---

AI System Classification

Risk Tier: Low-Risk, Assistive, Non-Autonomous
Use Case: Research assistance for public records
Decision Authority: Human only

---

NIST AI RMF Core Mapping

GOVERN (G)

Control	Implementation
G-1 Transparency	Public documentation, disclosures
G-2 Accountability	Maintainer governance, feature flags
G-3 Human Oversight	User-initiated actions only
G-4 Policy Alignment	FOIA, journalism, legal ethics

---

MAP (M)

Control	Implementation
M-1 Context	Public FOIA materials only
M-2 Stakeholders	Journalists, researchers, courts
M-3 Harm Identification	Hallucination, misinterpretation

---

MEASURE (ME)

Control	Implementation
ME-1 Output Evaluation	Citation anchoring
ME-2 Performance	No accuracy claims
ME-3 Monitoring	Integrity hashes

---

MANAGE (MA)

Control	Implementation
MA-1 Risk Mitigation	AI opt-in, disclaimers
MA-2 Incident Response	Disable AI feature flags
MA-3 Change Control	Phase-based rollout

---

OMB Alignment Summary

✔ No automated decision-making
✔ No surveillance functionality
✔ No personal data processing
✔ No training on user inputs

---

Compliance Conclusion

This system aligns with low-risk assistive AI under NIST AI RMF and OMB guidance.